Entries in Category ‘SQL Injection’
Today I am releasing my Automated Joomla SQL Injection Exploiter version 1.0 (23rd May 2010). [Download here] I wrote this tool because I did not want to write a new exploit every time a new Joomla (component/module/plugin) SQL injection vulnerability was discovered/revealed. Simply hand over a vulnerable Joomla URL to the tool and receive all Joomla [...]
(Continue reading…)

Today I decided to release my Joomla com_qpersonal SQL Injection Remote Exploit. It exploits a SQL injection vulnerability I found a few weeks ago. The sploit is based on my column fuzzer and the enhanced Joomla exploitation tool I wrote. You can find the exploit here.
(Continue reading…)

Edit 23rd May: Version 1.1 released. Today I released the Full Automated Column Finder for SQL Injection (Python script). It is a column fuzzer which helps you save time. [Download here]

Description

The Full Automated Column Finder helps you to determine the correct number of columns of the current SQL query. It is useful for [...]
(Continue reading…)

On the 6th May 2010 a new version of Google Skipfish (penetration testing tool/vulnerability scanner) was released. View the changelog here. Download it here. According to the changelog not many things were changed.
(Continue reading…)

I recently had the time to test Google’s Skipfish. It is a fully automated penetration testing tool and was just published some weeks ago. This little tutorial will show Debian/Ubuntu users how to install it and perform the first test.

I. Introduction

Tools like Nessus and Nmap are indispensable when it comes down to security [...]
(Continue reading…)

View the original advisory here. This is most probably the funniest advisory I ever published. I found some decent vulnerabilities within the code of the very popular counter “chCounter”. It is in fact a very cool counter. Simply implement the counter file into your website and view the stats in the admin backend. >> #1 [...]
(Continue reading…)

View the advisory here. The image gallery script “Auto-Img-Gallery” suffers from an XSS vulnerability. Furthermore SQL injection might be possible since I got some SQL errors just by browsing through the script and playing around with the URI. Still need to find out if there is a way to exploit this.
(Continue reading…)

Please view the original advisory here. The very popular download manager dl_stats suffers from various vulnerabilities. #1 SQL Injection #2 XSS #3 Unprotected Admin Panel. The vendor seems to have rewritten the software; since version 2.0 dl_stats is no longer vulnerable to SQLI and XSS. But… 90 percent of the websites using dl_stats did NOT upgrade [...]
(Continue reading…)

The Joomla component com_joltcard suffers from a SQL injection vulnerability.

Vulnerable Parameter(s): cardID

Example URI: index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X +AND+1=2+UNION+SELECT+concat(database())--

Selected information only gets displayed within the HTML source code (look at <OBJECT> tag). Please view the advisory here.
(Continue reading…)

View the advisory here. The Joomla component com_pandafminigames suffers from several SQL injection vulnerabilities.
(Continue reading…)